Methods and system for generating a confidential document

ABSTRACT

A system of devices receives and stores documents based on confidential information redacted from the documents. An electronic document is analyzed to identify character blocks having confidential information. The confidential information can be in different formats within the document. Redaction rules are applied to the character blocks to identify confidential categories for the confidential information within the blocks. The confidential information is redacted based on the rules such that the confidential information is removed from the document. A new electronic document is generated with the information redacted such that it is not viewable or printable. The two documents with different levels of confidential information are then stored on separate devices within the system.

FIELD OF THE INVENTION

The present invention relates to scanning and storing of documents having confidential information within a system of devices or image forming apparatuses.

DESCRIPTION OF THE RELATED ART

In some office environments, users scan or print a document that includes sensitive/confidential information. A user may want to redact that information, especially if the document is to be stored on a system with a plurality of image forming apparatuses. A user must take several measures when removing or hiding confidential information on a scanned, faxed, or to-be-copied document. In order to avoid disclosure of confidential information, the user uses post-it notes, tape, correction fluid, or stickers to block it from being reproduced or viewed in a subsequent document. Another way to hide the confidential information is to make a soft copy of the document, edit it through a document-editing software program on a computer, and then reprint the corrected, edited, or fixed document. All of these tasks take time and resources, many times away from the printer or scanner. Further, a computer or appropriate office supplies may not be available to use. The resulting document also looks unprofessional in the case of using post-it notes and the like. Moreover, the user must rescan or enter the document into the system to keep the original document from being available to other users.

SUMMARY OF THE INVENTION

A system is disclosed. The system includes a plurality of devices including a first device having a first security status and a second device having a security status. The system also includes a scanner having a processor in communication with the plurality of devices. The scanner also includes a memory coupled to and readable by the processor. The memory stores a set of program instructions which, when executed by the processor, configures the processor to scan a document to generate a first electronic document using the scanner. The processor also is configured to perform an optical character recognition process on the first electronic document to obtain an optically-recognized representation of the first electronic document. The processor also is configured to determine at least one character block presented on the optically-recognized representation of the first electronic document. The at least one character block includes at least one alphanumeric character. The processor also is configured to compare the at least one character block with at least one format of confidential information. The processor also is configured to identify at least one confidential category of the at least one character block based on the comparison. The processor also is configured to retrieve at least one alternative object associated with the confidential category from a confidential document managing repository. The processor also is configured to generate a second electronic document by electronically layering the at least one alternative object on the respective at least one block.

A method for generating documents having confidential information for use in a system is disclosed. The method includes scanning a document to generate a first electronic document using the scanner. The method also includes performing an optical character recognition process on the first electronic document to obtain an optically-recognized representation of the first electronic document. The method also includes determining at least one character block presented on the optically-recognized representation of the first electronic document. The at least one character block includes at least one alphanumeric character. The method also includes comparing the at least one character block with at least one format of confidential information. The method also includes identifying at least one confidential category of the at least one character block based on the comparison. The method also includes retrieving at least one alternative object associated with a confidential category from a confidential document managing repository. The method also includes generating a second electronic document by electronically layering the at least one alternative object on the respective at least one character block.

A device is disclosed. The device includes a processor to execute instructions. The processor also includes a memory coupled to and readable by the processor. The memory stores a set of instructions which, when executed by the processor, configures the device to scan a document to generate a first electronic document. The device also is configured to perform an optical character recognition process on the first electronic document to obtain an optically-recognized representation of the first electronic document. The device also is configured to determine at least one character block presented on the optically-recognized representation of the first electronic document. The at least one character block includes at least one alphanumeric character. The device also is configured to compare the at least one character block with at least one format of confidential information. The device also is configured to identify at least one confidential category of the at least one character block based on the comparison. The device also is configured to retrieve at least one alternative object associated with a confidential category from a confidential document managing repository. The device also is configured to generate a second electronic document by electronically layering the at least one alternative object on the respective at least one character block.

BRIEF DESCRIPTION OF THE DRAWINGS

Various other features and attendant advantages of the present invention will be more fully appreciated when considered in conjunction with the accompanying drawings.

FIG. 1 illustrates a system for handling confidential documents according to the disclosed embodiments.

FIG. 2 illustrates a block diagram of a computer architecture for an image forming apparatus according to the disclosed embodiments.

FIG. 3 illustrates a block diagram of a plurality of confidential documents generated according to the disclosed embodiments.

FIG. 4 illustrates a flowchart for generating documents having confidential information in the system according to the disclosed embodiments.

FIG. 5A illustrates a flowchart for optically-recognizing a character block in an electronic document according to the disclosed embodiments.

FIG. 5B illustrates a flowchart for applying a redaction rule of the rules and redacting a character block from an electronic document according to the disclosed embodiments.

FIG. 6A illustrates a flowchart for receiving a document code at a device and retrieving an electronic document according to the disclosed embodiments.

FIG. 6B illustrates a flowchart for selecting a device to store a generated electronic document according to the disclosed embodiments.

FIG. 7 illustrates a flowchart for accessing an electronic document stored on a device within the system according to the disclosed embodiments.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Reference will now be made in detail to specific embodiments of the present invention. Examples of these embodiments are illustrated in the accompanying drawings. Numerous specific details are set forth in order to provide a thorough understanding of the present invention. While the embodiments will be described in conjunction with the drawings, it will be understood that the following description is not intended to limit the present invention to any one embodiment. On the contrary, the following description is intended to cover alternatives, modifications, and equivalents as may be included within the spirit and scope of the appended claims.

The disclosed embodiments provide an application along with computer architecture that may scan a file and allow a user to redact sensitive information automatically. The user may print or store the redacted version of the scanned file. The image forming system includes a plurality of image forming apparatuses. In some embodiments, there may be at least three image forming apparatuses in the system. Each image forming apparatus stores a different version of the redacted confidential document. Thus, there is no need to memorize passwords or log-in information for different security levels. The disclosed system may reduce the time and worry with processing and storing documents with confidential information.

An example system of image forming apparatuses includes a first image forming apparatus that has an original document. The image forming apparatuses also may be known as printing devices, scanning devices, or devices. The system also includes a second image forming apparatus having a redacted document, wherein the confidential information is redacted. The first image forming apparatus is accessible by an administrator with a higher level of permission to view or print the original document. The second image forming apparatus is accessible by most other employees that only have access to the redacted document. The second level of security permission cannot access the redacted confidential information in the original document stored at the first image forming apparatus.

An example process may be from a user's point of view. The original owner of the document may scan the file at the first image forming apparatus. A device running the application may execute to perform the functions disclosed below. The device may detect categories, such as names, dates, locations, prices, identification numbers, personal information, and the like. The original owner then may specify the image forming apparatuses or devices that can view what types of information. For example, device A can view names and dates. Device B cannot view any names, dates, or locations. The original owner also may specify an expiration date of the document or what time or period that the file can be accessed. An instruction may specify that the document will expire in X days or that the document may be accessed only during working hours. Devices may be categorized as either an individual device or a group device. An individual device may belong to one user and will require no further authentication to access documents. A group device may require authentication to access documents. For example, an individual device may be a mobile smartphone while a group device may be an image forming apparatus.

Another example process may include scanning a document. The user goes to an image forming apparatus and opens an application, such as the KYOCERA Confidential (KC) HyPAS™ application. The user logs in with a user name, personal identification number, biometric information, and the like along with a password. The user also may log in to the apparatus using a one-time guest use. The user scans a few pages and the document with the confidential information is stored on the image forming apparatus. The application detects several categories in the document, such as names, dates, locations, prices, personal information, and the like.

The user then may print the redacted confidential document. The user also may send the confidential document over the system, possibly for storage in other image forming apparatuses. The user can set multiple confidential levels. The user also can set what types of information are available for each level, and can set how to access the documents, such as personal identification numbers, QR or other graphic codes, barcodes, and the like. The user also can specify which users have access from a user list.

For example, the user may set three levels of access associated with a security or confidential status. Level 1 access may retrieve only dates in the document. Level 2 access may retrieve dates and names in the document. Level 3 access may retrieve the entire document. Access also may be set for once or multiple times. The document will be deleted after being accessed once or after a certain date, or whichever occurs first. The document also may be deleted after a certain date, no matter how many times it is accessed. It also may be deleted after a certain number of days. The user also may set an access time, such as the document may be accessed during working hours, accessed only on weekdays, only during the morning hours, or accessed anytime. The user also may indicate access locations. The document may be accessed only from specified devices or image forming apparatuses, only accessed from devices connected to the network, or accessed from anywhere. The user also can save scan settings as a template so that the user may select the template instead of reentering or inputting the same settings when scanning.

In some embodiments, the user receives document codes that may be used. If the access type is set as a personal identification number (PIN), barcode, QR or other graphical code, then the PIN, barcode, QR or other graphical code corresponds to a specific confidential level. The user is allowed to email a code to other users, which then allows them to use the code to access the proper level of security. If access type is set as a specific user, then the specified user will be able to access the document after logging into his/her account. Once logged in, the user may view the following details of the document, such as when the document was accessed, from which device or image forming apparatus the document was accessed, or who accessed the document, such as a guest or unknown user or a specific user.

Some embodiments also relate to accessing a document by a specific user. The user logs into the application with the appropriate identification, such as biometric, PIN, username, and the like plus a password. The user can see a list of files being shared with him or her. The user may then input a code or PIN to access a document within the list. The user, if allowed, then may print the document. The user also may access the document as a one-time user.

An “administrator” may refer to someone who has a high level of access or control. The administrator also is a user. The administrator may go to an image forming apparatus and open the confidential application. The administrator may log in as a device or image forming apparatus administrator.

The steps disclosed by the processes below may be performed in a first image forming apparatus, or multi-functional printer (MFP). In this case, the first electronic document is a scanned document or an electronic document stored in a repository, such as a confidential document managing repository. This repository may reside in one or more image forming apparatuses. The repository also can be an external database that is accessed by the image forming apparatuses. In some embodiments, a server acts as a confidential document managing server that executes the steps. The term “processor” may refer to one or more processors. The processes disclosed below may be executed by one processor at an image forming apparatus or another processor at another image forming apparatus connected to the image forming apparatus. The processor also may refer to a processor on the connected server or a distributed processing network.

The redaction of information may include retrieving confidential information format data from a confidential document management repository. The confidential format data includes one or more formats of confidential items that correspond to one of a plurality of confidential categories. For example, confidential items within a scanned document may include Jeff Smith (name), 111-22-3333 (government identification number), 202-555-1243 (phone number), 1234-567890 (bank account number), 26/11/1970 (birth date), and the like. The confidential items will have a confidential information format, such as XXX-XX-XXXX for government identification number, XXX-XXX-XXXX for phone number, and the like. Confidential categories may include user name, government identification number, phone number, bank account information, date of birth, and the like.

The first electronic document is analyzed. This analysis may include performing an optical character recognition on the first electronic document to obtain an optically-recognized representation of the first electronic document. At least one character block presented on the optically-recognized representation of the first electronic document is determined. The at least one character block includes one or more alphanumeric characters. The character block is compared with one or more formats of the confidential information. The comparison determines at least one confidential character block from the recognized character blocks. The confidential character blocks include confidential information.

The disclosed embodiments also identify one or more confidential categories of the at least one confidential block based on the comparison. A confidential category may be related to various confidential terms commonly found in the documents, such as name, address, phone number, identification number, age, and the like. The disclosed system then retrieves one or more alternative objects associated with the confidential categories from the confidential document managing repository. The alternative objects are stored associated with the respective confidential category in the confidential document managing repository. Using this data, a second electronic document is generated by electronically layering the one or more alternative objects on the respective confidential objects.
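The comparison and layering steps above can be sketched on OCR text as follows. This is an added example, not code from the patent: the mask-to-regex conversion, the name list, the placeholder strings, and the masks for bank account and date are assumptions, and the level table follows the Level 1/2/3 access example given earlier, read as "which confidential categories stay readable".

```python
import re

# Format masks in the page's notation: "X" stands for one digit. The first two
# masks are quoted on the page; the last two are assumptions derived from its
# sample items 1234-567890 and 26/11/1970.
FORMATS = {
    "government_id": "XXX-XX-XXXX",
    "phone_number": "XXX-XXX-XXXX",
    "bank_account": "XXXX-XXXXXX",
    "date": "XX/XX/XXXX",
}

# Alternative objects per category: hypothetical placeholder strings standing
# in for whatever the confidential document managing repository returns.
ALTERNATIVE_OBJECTS = {
    "name": "[NAME]",
    "government_id": "[GOVERNMENT ID]",
    "phone_number": "[PHONE]",
    "bank_account": "[BANK ACCOUNT]",
    "date": "[DATE]",
}

# Categories left readable at each access level; None means the whole document.
LEVEL_VISIBLE = {1: {"date"}, 2: {"date", "name"}, 3: None}

# Constructed sample of OCR output, built from the page's example items.
SAMPLE = ("Applicant: Jeff Smith, born 26/11/1970. ID 111-22-3333, "
          "phone 202-555-1243, account 1234-567890.")
KNOWN_NAMES = ("Jeff Smith",)  # assumption: names come from a list, not a mask


def mask_to_regex(mask):
    """Turn a mask such as XXX-XX-XXXX into a compiled regex.

    The digit lookarounds stop a mask from matching inside a longer digit run.
    """
    body = "".join(r"\d" if ch == "X" else re.escape(ch) for ch in mask)
    return re.compile(r"(?<!\d)" + body + r"(?!\d)")


def find_confidential_blocks(text, known_names=()):
    """Return (start, end, category) for every confidential character block."""
    blocks = []
    for category, mask in FORMATS.items():
        for match in mask_to_regex(mask).finditer(text):
            blocks.append((match.start(), match.end(), category))
    for name in known_names:
        for match in re.finditer(re.escape(name), text):
            blocks.append((match.start(), match.end(), "name"))
    return sorted(blocks)


def generate_document(text, level, known_names=()):
    """Build the document for one access level.

    A block whose category is not visible at this level is replaced by its
    alternative object. The span is replaced rather than covered, so the
    original characters do not survive underneath the alternative object.
    """
    visible = LEVEL_VISIBLE[level]
    out, pos = [], 0
    for start, end, category in find_confidential_blocks(text, known_names):
        if start < pos:
            continue  # skip a block overlapping one already handled
        keep = visible is None or category in visible
        out.append(text[pos:start])
        out.append(text[start:end] if keep else ALTERNATIVE_OBJECTS[category])
        pos = end
    out.append(text[pos:])
    return "".join(out)


if __name__ == "__main__":
    for level in (1, 2, 3):
        print(level, generate_document(SAMPLE, level, KNOWN_NAMES))
```
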

This process also may be used in conjunction with additional features to store, access, print, modify, and the like for the electronic documents. For example, a third electronic document may be generated that is in between security levels for the first electronic document and the second electronic document. The different electronic documents may be stored at different image forming apparatuses having the different security levels for access.

FIG. 1 depicts a system 100 for handling confidential documents according to the disclosed embodiments. System 100 includes a plurality of image forming apparatuses 104-118. Image forming apparatuses may be referred to as printing devices, scanning devices, information storage devices, and the like. For simplicity, the disclosed embodiments will refer to “devices” for these components of system 100. Each device may have a security status, which also may be known as security level, clearance, and the like. The security status for a device may be shown by AA, BB, CC, and XX in FIG. 1. For example, device 104 has a security status of AA, device 106 has a security status of BB, and device 108 has a security status of CC. The type of security status may determine the type and level of confidential information that may be handled by the device.

In terms of confidential information, a security status of AA may indicate the highest level of security within system 100, or the ability to receive the highest level of confidential information. Device 104, for example, may receive and process the highest level of confidential information within system 100. Device 104 also may store the highest level of confidential documents as well as edit such documents. A security status of BB may indicate the second highest level of security within system 100, a security status of CC may indicate the third highest level of security within system 100, and so on. A security status of XX may indicate that no confidential information should be stored on that device.

In some embodiments, a document requiring a security status of AA may not be stored or printed on device 106 or 108. A document having a security status of BB may be stored or printed on device 104, as it has a higher security status as well as device 106. It may not be stored or printed on device 108, which has a security status of CC. Alternatively, a document may not be printed, stored, or processed on a device that does not have the exact same security status as that allowed on the device. Thus, a document having a security status of BB may not be stored or printed on device 104.
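The two storage policies in the preceding paragraphs give different answers for the same document, which the following added example makes explicit (not code from the patent; the function names are hypothetical, and treating an unknown status label as a denial is an assumption of this sketch).

```python
# Security statuses from lowest to highest, as the page orders them
# (XX is the lowest, AA the highest).
STATUS_ORDER = ("XX", "CC", "BB", "AA")

# Device statuses the page assigns in FIG. 1.
DEVICES = {104: "AA", 106: "BB", 108: "CC"}


def rank(status):
    """Position of a status in the ordering, or None for an unknown label."""
    return STATUS_ORDER.index(status) if status in STATUS_ORDER else None


def may_store(doc_status, device_status, exact_match=False):
    """Decide whether a device may store or print a document.

    exact_match=False: the device needs a status at least as high as the
                       document's (first policy on the page).
    exact_match=True:  the statuses must be identical (alternative policy).
    Unknown labels are denied (assumption: fail closed).
    """
    doc_rank, dev_rank = rank(doc_status), rank(device_status)
    if doc_rank is None or dev_rank is None:
        return False
    if exact_match:
        return doc_rank == dev_rank
    return dev_rank >= doc_rank


def eligible_devices(doc_status, devices=DEVICES, exact_match=False):
    """Sorted device numbers allowed to hold a document of this status."""
    return sorted(dev for dev, status in devices.items()
                  if may_store(doc_status, status, exact_match))


def placement_table(devices=DEVICES):
    """Eligible devices per document status under both policies."""
    return {status: {"at_least": eligible_devices(status, devices),
                     "exact": eligible_devices(status, devices, True)}
            for status in STATUS_ORDER}


if __name__ == "__main__":
    for status, row in placement_table().items():
        print(status, row)
```
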

Devices 104-118 may send and receive documents over network 102. Network 102 may be a wired or wireless network supporting a protocol to exchange information between devices. Network 102 may be an intranet network in that it connects devices within an organization or company. Network 102 may communicate with an outside network in order to exchange information. In other embodiments, network 102 may be connected through the Internet. The devices in network 102 should have unique addresses such that information, documents, emails, and the like are delivered to an address corresponding with the destination device.

System 100 also may include a scanner 105. Scanner 105 may be a separate component within system 100 or it may be embodied in a device, such as device 104. In other words, device 104 incorporates a scanner in its components. In some embodiments, scanner 105 includes a scanning unit that moves across a document placed on top of a scanning plate. As the scanning unit moves, a light source shines on the document. The light strikes the document and is reflected. The reflected light passes to scanner lens onto the charge-coupled device (CCD) sensors. The CCD sensors measure the amount of light reflected through the image and convert the light to an analog voltage. The analog voltage is converted to digital values by an analog-to-digital converter (ADC). This information is stored in an electronic document comprised of pixels.

System 100 also includes administrator 120, server 122, and confidential document managing repository 124. Administrator 120 may control devices 104-118, such as assigning security levels, as well as managing flow within network 102. It also may set the rules applicable to system 100 stored in repository 124. In some embodiments, administrator 120 may be a module located within one of the devices within system 100. Alternatively, it may be a separate device that communicates through network 102.

Server 122 is a confidential document managing server within system 100. Server 122 includes a database connected to network 102 that stores information accessible by devices 104-118 within system 100. Server 122 also may be located at a device within system 100. In other words, one of the devices may include a database and processor that acts as a server within network 102, with its own unique address and the like. Documents may be sent to server 122 for storage. Server 122 may be broken into storage locations corresponding to the security levels for the received documents and information.

Repository 124 is a confidential document managing repository. Repository 124 includes confidential information format data of one or more formats of confidential items found within documents used and exchanged in system 100. The confidential items within a document may relate to one or more confidential categories recognized by repository 124. Repository 124 also includes one or more alternative objects associated with the confidential categories that may be sent, as needed, to devices 104-118. Repository 124 also includes rules applicable to documents within system 100. These features are disclosed in greater detail below. In some embodiments, repository 124 may be located within server 122, but acts as its own separate entity within system 100 with a unique address to send and receive information. Information within repository 124 may be accessible by administrator 120, but not any other device or entity within system 100. As can be appreciated, repository 124 has a security status that allows it to receive, store, access, process, and the like any confidential level of document.

Mobile devices 126 and 128 also may be within system 100. The mobile devices may utilize any of the devices within system 100 for printing, scanning, processing, and the like. Mobile devices 126 and 128 do not necessarily have security statuses like devices 104-118, but they may be limited to certain devices due to the security statuses. As disclosed in greater detail below, a code may be sent to a mobile device that associates with a document within system 100. Thus, mobile device 126 may receive code 126 g while mobile device 128 receives code 128 g. Preferably, codes 126 g and 128 g are graphical codes readable by the devices within system 100.

Devices 104-118 include beacons 130 installed therein. Beacons 130 indicate a location of the devices. Not all devices are at an equal distance apart. For example, device 104 may be on a third floor in a location at the north side of the building. Device 110 may be near the same location. Device 106 may be located on the first floor at the eastern side of the office building along with devices 114 and 116. Beacons 130 indicate these physical locations. Locations of the devices and beacons may be captured in a network topology map used by administrator 120 or repository 124. Beacons 130 may be utilized to determine a best path to send a document within system 100.

Documents are received within system 100. A scanner within each device scans and generates an electronic document of the document. The disclosed embodiments then may make alterations or changes to the electronic document to hide or remove confidential information according to the rules and categories applied by repository 124. The resulting modified document may be sent to another device within system 100 for further processing, printing, or storage. The electronic document may be further modified according to the rules and categories applied by repository 124 for that device. The further modified document may be sent within system 100 for further processing, printing, or storage, and so on.

For example, electronic document A may be received at device 104. Device 104 may scan a physical copy of electronic document A or receive it from another component within system 100, such as server 122 or mobile device 126 or 128. The electronic document is modified to remove or redact confidential information identified therein. The modified document may be document B, generated by device 104. Document B, however, may not have a security status of AA. Instead, it has a security status of BB. Thus, it may not be stored or printed on device 104.

Document B may be sent over network 102 to device 106, which has a security status of BB. Document B may be further modified to remove or redact confidential information to generate document C. Document C has a security status of CC so it is sent to device 108 within system 100. The modification process is performed again to generate document X. Document X may have all confidential information redacted and is only able to be stored or printed on devices having a security status of XX. Other levels of security statuses may be used with XX being the lowest. All electronic documents generated within system 100 may be stored in server 122 or repository 124. To print or access one of these documents at a device, a user may have to present a code or identification number at the applicable device to retrieve the document. For example, a user would need a code or identification number to access document A stored on device 104 that is acceptable for that level of security and confidentiality.

FIG. 2 depicts a block diagram of a computer architecture for a device 104 within system 100 according to the disclosed embodiments. Device 104 is shown but the disclosed architecture may apply to any device within system 100. The architecture discloses a printing device, a scanning device, a multi-functional printer or an image forming apparatus that scans documents to perform other functions, such as printing, storing, copying, and the like. Device 104 uses engine 260 to coordinate and execute these operations.

Device 104 includes a computing platform 201 that performs operations to support these functions. Computing platform 201 includes a computer processing unit (CPU) 202, an image forming unit 204, a memory unit 206, and a network communication interface 210. Other components may be included but are not shown for brevity. Device 104, using computing platform 201, may be configured to perform various operations, such as scanning, copying, printing, receiving or sending a facsimile, or document processing. As such, device 104 may be a printing device or a multi-function peripheral including a scanner, and one or more functions of a copier, a facsimile device, and a printer. To provide these functions, device 104 includes printer components 220 to perform printing operations, copier components 222 to perform copying operations, scanner components 224 to perform scanning operations, and facsimile components 226 to receive and send facsimile documents. CPU 202 may issue instructions to these components to perform the desired operations.

Device 104 also includes a finisher 211 and one or more paper cassettes 212. Finisher 211 includes rotatable downstream rollers to move papers with an image formed surface after the desired operation to a tray. Finisher 211 also may perform additional actions, such as sorting the finished papers, binding sheets of papers with staples, doubling, creasing, punching holes, folding, and the like. Paper cassettes 212 supply paper to the various components 220, 222, 224, and 226 to create the image formed surfaces on the papers. Paper cassettes 212 may include papers having various sizes, colors, composition, and the like. Paper cassettes 212 may be removed to refill as needed.

Document processor input feeder tray 230 may be the physical components of device 104 to receive papers and documents to be processed. A document is placed on or in document processor input feeder tray 230, which moves the document to other components within device 104. The movement of the document from document processor input feeder tray 230 may be controlled by the instructions input by the user. For example, the document may move to a scanner flatbed for scanning operations. Thus, document processor input feeder tray 230 provides the document to scanner components 220. As shown in FIG. 2, document processor input feeder tray 230 may interact with engine firmware 106 to perform the desired operations.

Memory unit 206 includes memory storage locations 214 to store instructions 215. Instructions 215 are executable on CPU 202 or other processors associated with device 104, such as any processors within components 220, 222, 224, or 226. Memory unit 206 also may store information for various programs and applications, as well as data specific to device 104. For example, a storage location 214 may include data for running an operating system executed by computing platform 201 to support the components within device 104.

Memory unit 206 may comprise volatile and non-volatile memory. Volatile memory may include random access memory (RAM). Examples of non-volatile memory may include read-only memory (ROM), flash memory, electrically erasable programmable read-only memory (EEPROM), digital tape, a hard disk drive (HDD), or a solid-state drive (SSD). Memory unit 206 also includes any combination of readable or writable volatile memories or non-volatile memories, along with other possible memory devices.

Computing platform 201 may host one or more processors, such as CPU 202. These processors are capable of executing instructions 215 stored at one or more storage locations 214. By executing these instructions, the processors cause device 104 to perform various operations. The processors also may incorporate processing units for specific purposes, such as application-specific integrated circuits (ASICs) and field programmable gate arrays (FPGAs). Other processors may be included for executing operations particular to components 220, 222, 224, and 226. In other words, the particular processors may cause device 104 to act as a printer, copier, scanner, or a facsimile device.

Device 104 also may include an operations panel 208, which may be connected to computing platform 201. Operations panel 208 may include a display unit 216 and an input unit 217 for facilitating interaction with a user to provide commands to device 104. Display unit 216 may be any electronic video display, such as a liquid crystal display (LCD). Input unit 217 may include any combination of devices that allow users to input information into operations panel 208, such as buttons, a touch screen, a keyboard or keypad, switches, dials, and the like. Preferably, input unit 217 includes a touch-screen digitizer overlaid onto display unit 216 that senses touch to receive inputs from the user. By this manner, the user interacts with display unit 216.

Device 104 also includes network communication processing unit 218. Network communication processing unit 218 may establish a network communication, such as a wireless or wired connection with other components within system 100 over network 102. CPU 202 may instruct network communication processing unit 218 to transmit or retrieve information over network 102 using network communication interface 210. As data is received at computing platform 201 over a network, network communication processing unit 218 decodes the incoming packets and delivers them to CPU 202. CPU 202 may act accordingly by causing operations to occur on device 104. CPU 202 also may retrieve information stored in memory unit 206, such as settings for device 104.

Device 104 also includes engine 260. Engine 260 may be a combination of hardware, firmware, or software components that act accordingly to accomplish a task. For example, engine 260 is comprised of the components as referenced above to scan and display a document. It may receive instructions from computing platform 201 after user inputs via operations panel 208. Alternatively, engine 260 may receive instructions from other devices and components within system 100.

Engine 260 manages and operates the low-level mechanism of the printing device engine, such as hardware components that actuate placement of toner onto paper. Engine 260 may manage and coordinate the half-toner, toner cartridges, rollers, schedulers, storage, input/output operations, and the like. Raster image processor (RIP) firmware 290 that interprets the page description languages (PDLs) would transmit and send instructions down to the lower-level engine 260 for actual rendering of an image and application of the toner onto paper during operations on device 104.

The computer architecture disclosed by FIG. 2 may be configured to accomplish the operations for handling confidential documents within system 100 according to confidential application 250. Confidential application 250 may be supported by computing platform 201. One or more CPUs 202 may coordinate the creation, generation, and tracking of the confidential documents that move throughout system 100 when confidential application 250 is launched. CPU 202 may execute instructions 215 stored in memory 206 to enable confidential application 250. Such embodiments result in device 104 acting as an administrator and computing device for system 100. These functions and features may be implemented on other devices within system 100. In other words, confidential application 250 may send instructions to other components and receive information from these components within system 100.

When confidential application 250 is executed, it may instruct CPU 202 to configure device 104 into a special purpose machine to perform the functions disclosed below as well as apply the rules for system 100 provided by repository 124. Confidential application 250 also may instruct CPU 202 to store documents in memory 206, though these documents may not be available to a user of device 104. As a special purpose machine, device 104 performs the operations specifically defined by confidential application 250 to control a plurality of devices within system 100 to generate and exchange confidential documents.

In some embodiments, server 122 or repository 124 may be put into action on device 104. As such, confidential application 250, CPU 202 and other components of computing platform 201 can access server 122 or repository 124 directly on device 104, without the need to go through network 102. Memory 206 may set aside locations in the memory storage for the databases needed for each component. As shown in FIG. 2, server 122 and repository 124 are separate components within device 104, such as separate memory structures.

Beacon 130 also is located on device 104. Beacon 130 may be a hardware or firmware component that receives location information for global positioning satellites (GPS) or other sources that is provided to computing platform 201. In other embodiments, beacon 103 is programmed to provide a location within system 100. Beacons are used to determine the distance between devices and the lengths of various paths within system 100.

FIG. 3 depicts a block diagram of a plurality of confidential documents generated according to the disclosed embodiments. Where appropriate, FIG. 3 refers back to documents A, B, C, and X of FIG. 1 as well as applicable components within system 100. FIG. 3 also depicts the process to generate each document and manage confidential information within the documents.

Original document 302 is received at a device within system 100, such as device 104. Original document 302 may be scanned by the device, such as using scanner components 224. Alternatively, original document 302 is received at the device over network 102, possibly as an electronic document. It also may be received as a document from mobile device 126 or 128. Thus, original document 302 is scanned elsewhere before being provided to the device. An electronic document is generated from the scanning process. The electronic document is shown by document A in FIG. 3.

Document A is an electronic document that includes text and graphics representative of the original material on document 302. Pixels comprise the text and graphics. Groups of pixels may be recognizable using optical character recognition as one or more character blocks. Document A shows character blocks A100, B100, C100, and X100. The disclosed embodiments are not limited to these character blocks. Any number of character blocks may be present in document A.

Preferably, the character blocks include one or more alphanumeric characters. The characters may be combined to form confidential information. For example, character block A100 may represent the name of a user, character block B100 may represent the social security number of the user, character block C100 may represent the phone number of the user, and character block X100 may represent an account number for a financial institution for the user. Within these character blocks, the information may have a format, such as XXX-XX-XXXX for social security number, XXX-XXX-XXXX for phone number, or 1234-567890 for account number. The name character block may include alphabetical characters and not have recognizable numerical characters. The applicable formats for the different confidential categories may be set forth in confidential document redaction rules 304.

Confidential document redaction rules 304 are retrieved from repository 124. Rules 304 include confidential categories C1, C2, C3, and C4. The confidential categories include representations of confidential information that may be applicable to electronic document A. The confidential information also may be in alphanumeric characters, which correspond to one of the confidential categories. Using the above example, confidential category C1 may apply to confidential information for a name found in character block A100, confidential category C2 may apply to confidential information for a social security number found in character block B100, confidential category C3 may apply to confidential information for a phone number found in character block C100, and confidential category C4 may apply to confidential information for an account number found in character block X100.

Rules 304 also set forth how the confidential categories are applied on electronic document A. For example, device 104 may execute the process to compare the format of confidential information within the confidential categories against the character blocks, or alphanumeric characters, in document A. The character blocks are identified based on known characteristics of character blocks and then compared to confidential information formats within the categories. Confidential information is identified in the character blocks based on the confidential categories in rules 304.

The disclosed embodiments, therefore, may retrieve confidential information format data from a confidential document management repository 124. The confidential information format data may include one or more formats of confidential items. The confidential information format data each corresponds to one of a plurality of confidential categories set forth in rules 304.

Confidential items may include user name, social security number, phone or mobile number, and bank account information. The confidential items may have a confidential information format, such as the examples provided above. Social security number confidential items may have a confidential information format of XXX-XX-XXXX. Thus, the confidential categories that are identified in the analyzed electronic document are user name, social security number, phone number, and bank account information.

Referring to document A, rules 304 identify character block A100 as having confidential information, such as the name of someone in the document. After identification of confidential information in character block A100, repository 124 sends alternative object 320 to device 104. Alternative object 320 corresponds to the confidential information to be redacted in character block A100. Device 104 overlays alternative object 320 on character block A100 so that the confidential information therein is not visible within the document. Thus, electronic document B1 is generated after the confidential information in character block A100 is redacted by alternative object 320 overlaid on document A.

Electronic document B1 is generated with redacted confidential information 306. Document B1 still includes character blocks B100, C100, and X100 with potential confidential information. Rules 304 apply confidential categories C1, C2, C3, and C4 to electronic document B1 to identify confidential information in one of the character blocks. In this instance, device 104 identifies character block B100 as having confidential information as indicated by confidential category C2. Alternative object 322 corresponding to confidential category C2 is provided by repository 124 to overlay on character block B100. After the confidential information is redacted from character block B100, electronic document C is generated with redacted confidential information 306 and 308.

The process of identifying confidential information using the confidential categories set forth by rules 304 may be repeated until all confidential information in the character blocks is redacted. Not all information in document 302 should be redacted. FIG. 3 shows electronic document X of the final iteration of the disclosed process. Electronic document C received alternative object 324 and overlaid it onto character block C100, which was identified as having confidential information. Electronic document X includes redacted confidential information 306 corresponding to the information in character block A100, redacted confidential information 308 corresponding to the information in character block B100, and redacted confidential information 310 corresponding to the information in character block C100. In the example from above, character block C100 may include confidential information correlating to the phone number of the person mentioned in document 302. The disclosed embodiment may further identify confidential information in character block X100, so that alternative object 326 is provided to redact the confidential information therein.

According to some embodiments, different categories of confidential information may be identified and redacted to generate two or more electronic documents from one analyzed electronic document. For example, electronic document B2 may be generated from electronic document B1. Rules 304 may indicate that an electronic document separate from electronic document B1 is to be generated to redact the confidential information from a different character block in electronic document A. A confidential item is identified in character block X100 and redacted using another alternative object 320. Electronic document B2 is generated with redacted information 311 as opposed to redacted information 306 in electronic document B1. In other embodiments, character blocks A100 and X100 in electronic document A may be identified and redacted to generate an electronic document having both redacted information 306 and 311.

Based on the redacted information, each electronic document includes a security status associated with the security statuses used in system 100. The security status indicates where in system 100 the document may be stored and who can access the document. As electronic document A has no redacted information, it may be given a security status 332 of AA. Electronic document A may be stored and accessed, for example, on device 104. Electronic document B has a different security status 342 as it includes redacted information. A document with redacted information should not have as high of a security status as electronic document A. Security status 342 may correspond to devices having a security status of BB in system 100. Electronic document B1 may be stored and accessed on device 106. Electronic documents C and X also have security statuses, though these are not shown.

Using the security statuses, the electronic documents generated by the disclosed embodiments may be stored, accessed, printed, viewed, and the like at different devices within system 100. Electronic document A having a security status 332 of AA may be stored on device 104 or device 114. It may not be stored on devices 106, 108, 110, 112, 116, or 118. Further, one may not access electronic document A from these devices unless he/she has a proper code or authentication. Electronic document B1 having a security status of BB may be stored on device 106. It also may be stored on device AA, which has a higher security status. In other embodiments, electronic document B1 may be limited to device 106 and not accessible at any other device shown in FIG. 1.

Electronic documents C and X also have security statuses associated with the level of confidential information in the identified character blocks. For example, electronic document C may have a security status 352 of CC, which allows it to be stored on device 108 in system 100. It may be limited to this device, or may be accessible at devices 104, 106, and 114 having higher security statuses. Electronic document X may represent a document having most, if not all, confidential information redacted therein. In some embodiments, no security status is generated for electronic document X. Consequently, electronic document X may be stored and accessed on any device within system 100. All documents and associated security statuses may be stored in confidential document managing server 122.

Other items may be generated for each electronic document. These items may be known as parameters as they limit how the document may be utilized and accessed. For example, an expiration parameter 330 may be issued with electronic document A. The expiration parameter may refer to a predetermined length of time that the document will be available. The thresholds for the expiration parameters may be related to the level of security status for the document. After an expiration parameter threshold is reached, the document is purged or deleted from system 100. Electronic document B1 corresponding to security status 342 may have an expiration parameter 340, which differs from expiration parameter 330 for electronic document A. Electronic document C corresponding to security status 352 has an expiration parameter 350. Electronic document X may not have any expiration parameters such that this document will remain available in system 100 until a command is given to delete them.

In some embodiments, the expiration parameters may relate to a predetermined length of time that the documents are available in system 100. For example, the predetermined length of time may have a first threshold of 10 days, a second threshold of 20 days, and a third threshold of 15 days. Expiration parameter 330 may be 10 days, which corresponds to security status 332 for electronic document A. System 100 may allow documents having all of their confidential information to be available for 10 days. After the 10 days, the documents having a security status for AA devices are deleted. Expiration parameter 340 may be 20 days due to electronic document B1 having confidential information redacted. It isn't as risky to have electronic document B1 available in system 100 longer than electronic document A.

Another possible expiration parameter is the number of times that a document may be printed. Documents with confidential information should not be printed as much as those with the information redacted. Thus, the number of times printed may have a first threshold of 5 times, a second threshold of 20 times, and third threshold of 10 times. Another expiration parameter may be the number of times accessed within system 100. Access may include viewing, forwarding, and other activities besides printing. The number of times accessed may have a first threshold of 5 times, a second threshold of 20 times, and a third threshold of 10 times.

Expiration parameters are calculated based on rules 304. The amount of confidential information in the generated electronic document dictates the length of the threshold before the parameter expires and the document is deleted from system 100. In some embodiments, if an expiration parameter exceeds the expiration parameter threshold, then another version of the electronic document is sent to replace the one deleted from system 100. Preferably, the replacement document has a lower security status than the deleted document. Thus, the document is kept available within system 100, but with less risk of giving away confidential information.

Information regarding usage of the electronic documents may be stored on system 100, preferably at server 122. The usage information is accessed at each instance that the electronic document is retrieved. Server 122 will receive a request to check on the usage information. It adjusts the usage information accordingly for the document. Rules 304 in repository 124 are then checked to see if the usage exceeds the expiration parameter threshold. Using the length of time example, server 122 may adjust its usage information at a certain time of the day, such as midnight (12 am) Pacific Standard Time (PST). It then compares the stored documents to rules 304 to remove those that have exceeded the parameter threshold.
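The usage tracking and expiration handling described above can be sketched as follows. This is an added illustration, not code from the disclosure: the class and function names are hypothetical, the third thresholds are assumed to belong to security status CC, "X" stands for a fully redacted version with no expiration parameters, and resetting the counters when a replacement version is installed is likewise an assumption.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Expiration parameter thresholds per security status, using the values in the
# text. Tying the "third" thresholds to CC is an assumption of this example.
THRESHOLDS = {
    "AA": {"days": 10, "prints": 5, "accesses": 5},
    "BB": {"days": 20, "prints": 20, "accesses": 20},
    "CC": {"days": 15, "prints": 10, "accesses": 10},
}


@dataclass
class StoredDocument:
    name: str
    versions: List[str]   # statuses still available, highest first; "X" = fully redacted
    created: date         # date the current version became available
    prints: int = 0
    accesses: int = 0

    @property
    def status(self) -> str:
        return self.versions[0]


class UsageServer:
    """Hypothetical stand-in for the usage bookkeeping kept at server 122."""

    def __init__(self) -> None:
        self.docs: Dict[str, StoredDocument] = {}
        self.events: List[str] = []   # audit trail of purges

    def store(self, doc: StoredDocument) -> None:
        self.docs[doc.name] = doc

    def _exceeded(self, doc: StoredDocument, today: date) -> Optional[str]:
        limits = THRESHOLDS.get(doc.status)
        if limits is None:            # "X": no expiration parameters
            return None
        usage = {"days": (today - doc.created).days,
                 "prints": doc.prints, "accesses": doc.accesses}
        for key, limit in limits.items():
            if usage[key] > limit:    # the threshold must be exceeded, not merely reached
                return key
        return None

    def _enforce(self, doc: StoredDocument, today: date) -> None:
        reason = self._exceeded(doc, today)
        if reason is None:
            return
        expired = doc.versions.pop(0)  # purge the expired version
        self.events.append(f"{doc.name}: {expired} purged ({reason})")
        if doc.versions:               # replace with the next, lower-status version
            doc.created, doc.prints, doc.accesses = today, 0, 0
        else:                          # no replacement exists: the document is gone
            del self.docs[doc.name]

    def request(self, name: str, kind: str, today: date) -> Optional[str]:
        """Record one print or access; return the status of the version served."""
        doc = self.docs.get(name)
        if doc is None:
            return None
        if kind == "print":
            doc.prints += 1
        else:
            doc.accesses += 1
        self._enforce(doc, today)      # usage is checked before anything is released
        return doc.status if name in self.docs else None

    def nightly_sweep(self, today: date) -> None:
        """The once-a-day comparison of stored documents against the rules."""
        for doc in list(self.docs.values()):
            self._enforce(doc, today)
```

Because the counter is checked before the document is released, the request that would exceed a threshold is answered with the lower-status replacement rather than the expired version.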

Codes, such as graphical codes and authentication codes, may be generated as well along with the electronic documents. The codes may be used to access or retrieve the documents based on the level of confidential information in the documents. As shown in FIG. 3, code 334 may be generated with electronic document A, code 344 generated for electronic document B1, and code 354 generated for electronic document C. Electronic document X also may have a code, though it is not shown in FIG. 3. Alternatively, electronic document X may not have a code generated as access to this document is not limited to any specific device or security status.

For example, the disclosed embodiments may generate a first graphical code as code 334 for electronic document A, a second graphical code as code 344 for electronic document B1, and a third graphical code for electronic document C. The graphical codes may be stored on the appropriate device, such as device 104 for code 334, device 106 for code 344, and device 108 for code 354. The graphical codes are used to access the corresponding documents from other devices or mobile device 126 or 128.

For example, code 334 as a graphical code 126 g may be sent to mobile device 126. A user having a security status of AA requests to access electronic document A from device 106. Device 106 prompts the user to scan graphical code 126 g corresponding to code 334 from mobile device 126. System 100 receives graphical code 126 g and sends the scanned code to device 104. Device 104 verifies the veracity of graphical code 126 g and that it corresponds to code 334 for electronic document A stored at the device. Electronic document A may be sent to device 106 for use by the user having mobile device 126. This process may be repeated using code 344 for electronic document B1 and code 354 for electronic document C. Electronic document X does not need a code for access.

In some embodiments, codes 334, 344, and 354 are quick response (QR) codes or matrix barcodes. Using the QR codes, information on the user and device 104 may be encoded. When code 334 is scanned as a QR code on device 106, the second device may decode the graphical code scanned and retrieve information included in the graphical code. Instead of sending code 334 to device 104, device 106 can send the decoded information according to the information on device 104 as information on the destination for receipt. In other words, the QR code includes information in addition to authenticating access to electronic document A.

In other embodiments, codes 334, 344, and 354 are authentication codes used to access a document stored on another device within system 100. One enters the authentication code on a device to access the document stored elsewhere. In some embodiments, the authentication code may only be required when a request to a higher-level document is performed on a lower security status device, such as requesting electronic document B1 from device 108. Examples of authentication codes may be a password, a personal identification number (PIN), such as 4 numbers, or graphical codes. Alternatively, an authentication code may be generated along with a graphical code.

FIG. 4 depicts a flowchart 400 for generating documents having confidential information in system 100 according to the disclosed embodiments. Where applicable, reference is made back to the features disclosed by FIGS. 1-3 for illustrative purposes. The embodiments disclosed herein, however, are not limited to the disclosure of FIGS. 1-3.

Step 401 executes by scanning original document 302. An electronic representation is made of the text, characters, and graphics in document 302. Thus, a first electronic document is generated, such as electronic document A. Step 402 executes by analyzing the first electronic document at a device, scanner, server, or processor within system 100. For example, the first electronic document may be received at device 104 including scanner 105, which has CPU 202 and other computer components to execute the functions disclosed below. The electronic document is analyzed by performing an optical character recognition process, disclosed in greater detail below.

Step 404 executes by identifying one or more character blocks in the first electronic document. As shown in FIG. 3, electronic document A includes character blocks A100, B100, C100, and X100. The character blocks are identified within the electronic document by comparing the alphanumeric characters within the blocks to known character blocks. Alternatively, character blocks may be identified by the location in the first electronic document, such as the name and address line as well as the salutation line in a letter. Templates may be used from server 122, rules 304 of repository 124, and the like to identify the character blocks.

Step 406 executes by applying one or more redaction rules to the character blocks having confidential information in the first electronic document. This step is disclosed in greater detail below. One or more character blocks may include confidential information that needs to be redacted in order to meet the security requirements for distribution and availability on system 100. Step 406 applies at least one redaction rule to overlay the character block with confidential information with an alternative object, thereby masking the confidential information within the electronic document. Thus, step 408 executes by redacting one or more character blocks according to the appropriate redaction rule.

As a result of the redaction of confidential information, step 410 executes by generating a second electronic document, such as electronic document B1 in FIG. 3. The second electronic document has a character block redacted such that it does not have as much confidential information therein as the first electronic document. Referring to FIG. 3, electronic document B1 has character block A100 redacted. Step 412 executes by generating any parameters or codes associated with the second electronic document. Similar parameters and codes may be generated for the first electronic document as well, either here or in step 401 or 402. Further, each electronic document has a different security status to indicate what devices within system 100 may access or print the document.

Step 414 executes by storing the first electronic document along with any associated parameters or codes at a first device, such as device 104, in system 100. Device 104 has a security status corresponding to that of the first electronic document. Device 104 supports documents having the highest level of security. For example, device 104 may be located in a secure area in a building or a secure facility on a military base. Only personnel having the highest level of security status may use device 104.

Step 416 executes by storing the second electronic document along with any associated parameters or codes at a second device, such as device 106. As shown in FIG. 1, device 106 has a security status of BB, which is lower than AA of device 104. Thus, two versions of document 302 may be processed and stored within system 100. A confidential information redaction rule is used to generate the second electronic document by redacting the confidential information. Further, the first electronic document is not stored or accessed from the second device. Electronic document A is not accessible from device 106, absent an authentication code or graphical code allowing a user access to device 104. The second electronic document, however, allows use of the information not redacted by one cleared to operate device 106.

Step 418 executes by identifying the character blocks within the second electronic document. Referring to FIG. 3, electronic document B1 includes character blocks B100, C100, and X100. One of these character blocks contains further confidential information. It may not be as sensitive as the information redacted in step 408, but still is private or damaging if made public. Step 420 executes by applying the appropriate redaction rule from rules 304 stored in repository 124. Step 418 may execute like step 406 disclosed above. Step 422 executes by redacting the identified character block from the second electronic document.

Flowchart 400 proceeds to A, which proceeds to steps 424 and 426. Step 424 executes by generating a third electronic document, such as electronic document C shown in FIG. 3. Electronic document C has character blocks A100 and B100 redacted such that it includes less confidential information than electronic document B1, or the second document. Step 426 executes by generating applicable parameter(s) and code(s) corresponding to the third electronic document.

Step 428 executes by storing the second electronic document and the third electronic document in the second device and the third device in system 100, respectively. Referring to FIG. 1, the third electronic document, or document C, is stored in device 108. Device 108 has the same security level as the third electronic document. The third electronic document should not be stored on devices 104 and 106. Step 430 executes by repeating the disclosed process of identifying character blocks, applying the redaction rule, and redacting the character block having confidential information until no further character blocks or confidential information is left in the final generated electronic document. All confidential information in original document 302 has been redacted.

FIG. 5A illustrates a flowchart 50 for optically-recognizing a character block in an electronic document according to the disclosed embodiments. Flowchart 50 may correspond to steps 402 and 404 in flowchart 400, but also apply to any actions where an electronic document is analyzed to identify one or more character blocks, such as step 418 for the second electronic document in FIG. 4.

Step 52 executes by performing an optical character recognition process on the scanned electronic document. The recognition process analyzes the pixels within the electronic document to determine representations of letters and numbers, also known as alphanumeric characters. A template of acceptable alphanumeric characters for confidential information or character blocks may be stored at repository 124 or located within rules 304. Alternatively, files used for character recognition may be stored at the device or scanner itself, such as in a memory connected to a processor within the device or scanner. The optical character recognition process may remove from consideration those items in the pixels of the electronic document that are not alphanumeric characters. For example, logos, pictures, or white space may not be identified as character blocks. These items most likely do not include any confidential information.

Step 54 executes by obtaining an optically-recognized representation of the electronic document based on the recognition process. The representation may be stored at the device or scanner in a memory, such as memory 206 disclosed above. It also may be stored away from the device or scanner, such as at server 122. The representation includes the alphanumeric characters recognized in the electronic document. Step 56 executes by identifying the alphanumeric characters in the representation.

Step 58 executes by determining a character block using the alphanumeric characters. The disclosed embodiments determine that a group of characters comprise a character block of information. This information is related in some manner, such as a name, number, sentence, and the like. Step 60 executes by determining the end of the character block. The end should be determined such that the character block does not extend to include characters not necessarily related to the character block. Examples of ending the character block include detection of white space, or pixels not having any color/greyscale in them. In other embodiments, the representation is broken into character blocks such that a new line of characters is started as soon as white space is detected. Steps 58 and 60 may be repeated until all the character blocks in the electronic document are identified. The disclosed embodiments then may use the character blocks identified by the recognition process to indicate where in the electronic document the potential confidential information is located.

FIG. 5B depicts a flowchart 500 for applying a redaction rule for rules 304 and redacting a character block from an electronic document according to the disclosed embodiments. Flowchart 500 may correspond to steps 406 and 408 as well as steps 420 and 422 in flowchart 400.

Step 502 executes by identifying a confidential character item in a character block in the document. Referring to FIG. 3, electronic document A includes character block A100. Character block A100 includes a confidential character item, as identified due to its format. The confidential character item includes confidential information, such as name, social security number, address, phone number, account numbers, passwords, and the like. Formats of confidential information to be redacted by system 100 are stored in repository 124 with rules 304. In some embodiments, the alphanumeric characters within the character block are compared to the formats of the confidential information to identify the confidential character item.

Step 504 executes by accessing rules 304. Preferably, rules 304 are located in repository 124. As disclosed above, rules 304 include confidential categories C1-C4. Additional confidential categories may be outlined in rules 304. Step 506 executes by comparing the character block having confidential information item to the confidential categories in rules 304. Each confidential category C1, C2, C3, and C4 will correspond to a certain format or type of confidential information. For example, confidential category C1 may correspond to confidential items having a name. Confidential category C2 may correspond to a confidential item in a character block having a social security number, or an XXX-XX-XXXX format. Not all confidential categories may be applied in redacting confidential information from a document.

Step 508 executes by identifying an applicable confidential category based on the comparison done in step 506. The confidential category further corresponds to an alternative object that is used to redact the confidential item in the character block. Using the example of electronic document A, alternative object 320 is determined to correspond to confidential category C1. Confidential category A pertains to a user name, as the one found in character block A100. Alternative object 320 is the item used to redact names from documents.

Step 512 executes by electronically layering the alternative object onto the character block with the confidential item. Instead of the name with alphanumeric characters, an object having a mask or other data to obscure the characters is placed in the document. The confidential item should not be viewable or printable after the alternative object is applied. Thus, the character block having confidential information is redacted from the electronic document. Referring to the example above, character block A100 in electronic document A is redacted using alternative object 320. As a result, the second electronic document is generated having the alternative object in place of the redacted character block.
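Steps 502-512 can be sketched as follows; this is an added example, not code from the patent. It treats each recognized line as a character block, and the C1 and C3 patterns, the alternative-object identifiers other than 320, and the sample text are assumptions constructed for illustration. The second document is built without the matched characters, and a final check confirms that nothing removed can be recovered from it.

```python
import re
from dataclasses import dataclass

# Formats keyed by confidential category. The XXX-XX-XXXX shape for C2 comes
# from the text; the C1 and C3 patterns are assumptions made for this example.
FORMATS = {
    "C1": re.compile(r"(?<=Name: )[A-Z][a-z]+(?: [A-Z][a-z]+)+"),
    "C2": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "C3": re.compile(r"\(\d{3}\) \d{3}-\d{4}"),
}

# Alternative object per category. Only object 320 (names) is named in the
# text; the other identifiers are hypothetical.
ALTERNATIVE_OBJECTS = {"C1": "ALT-320", "C2": "ALT-C2", "C3": "ALT-C3"}

# Constructed OCR output used as sample input.
SAMPLE_OCR = """\
Name: Jane Doe
SSN 123-45-6789 on file
Call (555) 010-0199 after 5pm
Invoice total: 42.00
"""


@dataclass(frozen=True)
class CharacterBlock:
    block_id: str
    text: str


def split_into_blocks(ocr_text):
    """Steps 58/60 (line variant): each non-empty recognized line is a block."""
    lines = [ln.strip() for ln in ocr_text.splitlines() if ln.strip()]
    return [CharacterBlock(f"B{i}", ln) for i, ln in enumerate(lines, 1)]


def find_confidential_items(block, enabled):
    """Steps 502-508: compare the block to the format of each enabled category."""
    hits = []
    for category in enabled:
        for match in FORMATS[category].finditer(block.text):
            hits.append((match.start(), match.end(), category))
    return sorted(hits)


def redact(blocks, enabled=("C1", "C2", "C3")):
    """Step 512: emit the second document with alternative objects in place of
    confidential items. Returns (second_document, removed_items)."""
    second, removed = [], []
    for block in blocks:
        parts, cursor = [], 0
        for start, end, category in find_confidential_items(block, enabled):
            if start < cursor:          # overlaps an item already replaced
                continue
            if start > cursor:
                parts.append({"text": block.text[cursor:start]})
            parts.append({"object": ALTERNATIVE_OBJECTS[category],
                          "category": category})
            removed.append(block.text[start:end])
            cursor = end
        if cursor < len(block.text):
            parts.append({"text": block.text[cursor:]})
        second.append({"block_id": block.block_id, "parts": parts})
    return second, removed


def leaked_items(second_document, items):
    """Return every item still present in the text that the second document carries."""
    remaining = "\n".join(part["text"]
                          for block in second_document
                          for part in block["parts"] if "text" in part)
    return [item for item in items if item in remaining]


if __name__ == "__main__":
    document, removed = redact(split_into_blocks(SAMPLE_OCR))
    print(document)
    print("leaked:", leaked_items(document, removed))
```

Running `leaked_items` against the generated document before it is stored or forwarded catches the case where a category was not enabled and its item is still present in the output.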

Steps 514, 516, 518, and 520 execute in response to the generation of a new electronic document with the redacted information. These steps pertain to the various parameters and codes that may accompany the electronic document within system 100. These items may be stored with the electronic document. Step 514 executes by generating a security status for the second electronic document based on the information redacted by the alternative object. In some embodiments, the confidential categories may relate to a security status, or level. Redaction of highly sensitive information may result in a lower security status for the resulting document. The security status may determine where the generated document with redacted information is stored, accessed, printed, and who may perform these actions.

Step 516 executes by generating a graphic code for the document with the redacted information. The use of the graphic code is disclosed above. Step 518 executes by generating an authentication code that may be used to access the resulting document. Step 520 executes by generating one or more parameters, if applicable, for the resulting document. Examples of parameters are disclosed above. It should be noted that steps 514-520 preferably are executed for the first document received in step 402. In other words, electronic document A also includes a security status, graphic code, authentication code, or a parameter.

Step 522 executes by storing or forwarding the resulting document with the redacted information based on the security status or other limitation within system 100. This step may be applicable when the second electronic document is generated on a device with a higher security status. For example, electronic document B is generated on device 104. Electronic document B cannot be stored on device 104 so it is sent to device 106 having the appropriate security status. As disclosed above, these steps may be repeated to generate a third, fourth, fifth, and any number of electronic documents having redacted information.

FIG. 6A depicts a flowchart 600 for receiving a document code at a device and retrieving an electronic document according to the disclosed embodiments. As disclosed above, codes may be generated along with the electronic documents. One such code may be a document code. The document code may be a graphical code indicating the electronic document and its security status. Other information may be included with the code, such as storage location within system 100 and any applicable parameters. Alternatively, the document code may be a number or alphanumeric characters that indicate the document.

Step 602 executes by generating a first document code for a first electronic document at a first device. Referring to FIG. 3, electronic document A may have code 334 associated therewith. Step 604 executes by storing the first document code on a device having an appropriate security status. For example, electronic document A is stored on device 104. Document code 334 also is stored on device 104. Step 606 executes by generating a second document code for a second electronic document at a second device. The second electronic document includes information that was redacted from the first electronic document. Referring to FIG. 3, electronic document B1 has a code 344 associated with it. Document code 344 is different than document code 334. Step 608 executes by storing the second document code on the second device. Using the above example, electronic document B1 and document code 344 are stored on device 106 in system 100.

Step 610 executes by receiving a document code at one of the devices in system 100. In some embodiments, the document code is scanned into the device. In other embodiments, the document code is entered using an input device, such as a keyboard, graphical user interface, operations panel 208, and the like. The user enters the document code in order to retrieve and use the stored electronic document. The user, however, may be restricted on whether he/she can access the document. For example, the user may be limited to the second electronic document with the confidential information redacted.

The requested electronic document may not be stored on the device receiving the document code. Thus, step 612 executes by determining whether the electronic document requested by the document code is stored on the device. If it is not, then a request will need to be sent to another device storing the electronic document. The requested electronic document then may be sent to the device receiving the document code.

If step 612 is yes, then step 614 executes by verifying the document code received at the device corresponds to the requested electronic document. Verification may be done by comparing the received document code to the document code stored on the device for the electronic document. For example, if graphical code 126 g for electronic document A is received at device 104, then it is compared to document code 334 to verify that the request is acceptable. If it is not, then an alert may be displayed or may be sent to the user. If it is acceptable, then step 616 executes by retrieving the electronic document from the device. Step 618 executes by displaying or printing the electronic document in response to receipt of the document code.

If step 612 is no, then step 620 executes by forwarding the document code to an appropriate device storing the electronic document. For example, document code 334 for electronic document A is received at device 108. Device 108 does not have the security status acceptable to store electronic document A. Therefore, device 108 may forward the document code to the nearest device storing electronic document A. In some embodiments, beacons 130 may be used to determine which device to access for the requested document. As disclosed above, beacons 130 may indicate a location of the devices such that a distance between devices may be determined. For example, if document code 334 is received at device 116, then system 100 may send the request to device 114, which may have electronic document A due to its security status of AA, as it is closer to device 116 than device 104.

Step 622 executes by receiving the document code at the destination device having the corresponding electronic document. Step 624 executes by verifying the received document code against the stored document code for the requested electronic document, as disclosed above. Step 626 executes by retrieving the electronic document. Step 628 executes by forwarding the retrieved electronic document to the device that received the document code. The requested document may be sent to a device, even if it does not have a security status acceptable to store the document. For example, electronic document A may be sent to device 114 because the user has access to the document that does not have redacted information. Flowchart 600 proceeds to step 618 to display or print the electronic document.

FIG. 6B depicts a flowchart 650 for selecting a device to store a generated electronic document according to the disclosed embodiments. Flowchart 650 may correspond to steps 414, 416, 428, or any process in which an electronic document is scanned or generated then stored on a device in system 100. Using beacons 130, the disclosed embodiments may select a device nearest to scanner 105 or the applicable device generating the document. It also may select a device nearest the user having control of the electronic document.

Step 652 executes by generating an electronic document at a device. The generated document may be scanned into the device or by scanner 105. Alternatively, the generated document may be created using the processes disclosed above with regards to redacting confidential information in a first electronic document. One or more character blocks may be redacted using alternative objects layered onto the source electronic document. The generated electronic document also may include a security status as well as associated code(s) and parameter(s).

Alternatively, step 654 may execute by receiving a request for the electronic document from another device within system 100. Step 654 may correspond to flowchart 600 wherein a document is requested from a device using a document code. The requested document is sent to another device within system 100.

Step 656 executes by determining a security status for the electronic document. The security status determines what devices may receive, store, display, or print the electronic document within system 100. Referring to FIG. 3, device 108 may not store electronic document A as it does not have the acceptable security status associated with the document. Step 658 executes by determining the acceptable devices to receive the electronic document. An electronic document having a security status of AA may be received and stored on devices 104 and 114 as shown in FIG. 3. One having a security status of XX may be stored on any device in system 100.

Step 660 executes by determining the optimal device to receive, store, display, or print the electronic document. In some embodiments, beacons 130 may be used to determine the shortest distance from the device generating or retrieving the electronic document to an acceptable device. Beacons 130 may indicate specific locations within system 100. The disclosed embodiments can determine the distance between devices based on the location of the beacons. Alternatively, beacons 130 may indicate nodes within system 100. Distance between the nodes is not important, as files must be routed from each node to another node. Step 660 may seek the shortest route through the nodes to the desired device.

Referring to FIG. 3, an electronic document having a security status of BB is scanned on device 112. Device 112 may be located near devices 108 and 110. Thus, one route to device 106 to store the document may be through these devices, especially if device 108 is physically close to device 106. Alternatively, device 112 may connect directly through network 102 to device 106 to avoid the additional nodes of devices 108 and 110. In another example, a device 110 may have a security status of BB. Device 110 is nearer to device 112 than device 106. Thus, an electronic document having a security status of BB is sent to device 110. Other criteria may be used to select the optimal device to receive the electronic document, such as the device closest to the author of the document, the closest device with a printer, and so on. In alternate embodiments, step 660 may select the device furthest away from the source device.

Step 662 executes by forwarding the electronic document to the optimal device. Step 664 executes by storing the electronic document at the selected device. The document may be stored with an associated document code. Alternatively, step 664 may execute by displaying or printing the document if it was requested in step 654.
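The storage selection of flowchart 650 and the code-verified retrieval of flowchart 600 can be modeled together; this is an added example, not code from the patent. The device coordinates, the statuses of devices 108, 112, and 116, the matching rule in `may_store`, and the constant-time comparison are assumptions of this sketch, and user-level checks are not modeled.

```python
import hmac
import math
import secrets
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Document:
    name: str
    status: str      # security status: "AA", "BB" or "XX"
    content: str
    code: str        # document code generated together with the document


@dataclass
class Device:
    device_id: int
    status: str
    position: tuple                              # constructed beacon coordinates
    documents: dict = field(default_factory=dict)


def make_document(name, status, content):
    """Steps 602/606: every generated document gets its own document code."""
    return Document(name, status, content, secrets.token_urlsafe(16))


def may_store(device, doc_status):
    """Step 658 (assumed rule): XX is storable anywhere, otherwise the device
    status must match the document status."""
    return doc_status == "XX" or device.status == doc_status


def _nearest(candidates, origin):
    """Step 660: shortest beacon distance, ties broken by device id."""
    return min(candidates,
               key=lambda d: (math.dist(d.position, origin.position), d.device_id))


def store_document(devices, source_id, doc):
    """Steps 656-664: store on the acceptable device nearest the source device."""
    acceptable = [d for d in devices.values() if may_store(d, doc.status)]
    if not acceptable:
        raise LookupError(f"no device may store status {doc.status}")
    target = _nearest(acceptable, devices[source_id])
    target.documents[doc.name] = doc
    return target.device_id


def request_document(devices, receiving_id, name, presented_code):
    """Steps 610-628: serve locally or forward to the nearest holder, then
    verify the presented document code against the stored one."""
    receiver = devices[receiving_id]
    if name in receiver.documents:                       # step 612: yes
        holder = receiver
    else:                                                # step 620: forward
        holders = [d for d in devices.values() if name in d.documents]
        if not holders:
            raise LookupError(f"{name} is not stored in the system")
        holder = _nearest(holders, receiver)
    stored = holder.documents[name]
    # Steps 614/624: the comparison runs in constant time so that a mismatch
    # reveals nothing about how much of the code was correct.
    if not hmac.compare_digest(stored.code.encode(), presented_code.encode()):
        raise PermissionError("document code does not match the stored code")
    return stored.content, holder.device_id              # steps 616/626-628


def build_sample_system():
    """Constructed layout: 114 is nearer to 116 than 104 is, and 110 is nearer
    to 112 than 106 is, as in the examples in the text."""
    layout = {
        104: ("AA", (0, 0)), 106: ("BB", (10, 0)), 108: ("XX", (8, 2)),
        110: ("BB", (7, 5)), 112: ("XX", (6, 6)), 114: ("AA", (0, 9)),
        116: ("XX", (1, 10)),
    }
    return {i: Device(i, status, pos) for i, (status, pos) in layout.items()}


if __name__ == "__main__":
    system = build_sample_system()
    doc_a = make_document("A", "AA", "original text")
    print("A stored on", store_document(system, 104, doc_a))
    print("A copy stored on", store_document(system, 116, doc_a))
    print(request_document(system, 116, "A", doc_a.code))
```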

FIG. 7 depicts a flowchart 700 for accessing an electronic document stored on a device within system 100 according to the disclosed embodiments. In the processes disclosed by flowchart 700, a stored electronic document is accessed and retrieved. The document may or may not have redacted information. The disclosed embodiments may prevent unauthorized access to documents with confidential information but allow access to similar documents having this information redacted.

Step 702 executes by entering an authentication code for a document into a device in system 100. The device may be one of devices 104-118 or mobile devices 126 and 128. The user enters the authentication code, which is assigned to the electronic document when it is generated. Alternatively, the authentication code may be generated upon request from the user having the appropriate status level from the device. In this manner, two separate authentication codes may be sent to two different users for the same electronic document having confidential information. As disclosed above, the authentication code may be a PIN having 4 numbers, a graphical or QR code, a password, and the like.

Step 704 executes by determining whether a document code should be sent to the device for the user. In other words, the user or system determines that the device should process the document code in order to access the electronic document. If yes, then step 706 executes by sending the document code for the electronic document to the device of the user. Again, the document code may be a graphical code with information associated with the electronic document and its location within system 100.

Step 708 executes by receiving the document code at the device. In some embodiments, steps 702-706 are skipped such that the user enters the document code directly into the device. For example, the user may have a graphical code 126 g for the electronic document on her mobile device 126. This code was generated with the electronic document and stored on mobile device 126. Alternatively, the user may retrieve the document code from the device storing the electronic document. For example, in order to access electronic document A, device 104 provides a document code.

Step 710 executes by entering or scanning the document code at the device. If the code is a PIN or number, then the user may enter it using a keypad or operations panel 208. Step 712 executes by identifying the device or storage location within system 100 that has the requested electronic document. For example, electronic document A may be stored and accessible from device 104. It also may be stored in server 122.

Referring back to step 704, if it is no, then step 714 executes by requesting the electronic document directly from its storage location. The authentication code may correlate with the information needed to access the electronic document. The authentication code is received by a device in system 100 and compared against information for the electronic document stored in the device, another device, or server 122 to determine the location of the document. After step 714, flowchart 700 proceeds to step 712.

Step 716 executes by checking the security or confidential status of the requested electronic document. Step 718 executes by determining whether access is allowed based on the request from the document code or the level of the user entering the authentication code. It also may determine whether the device requesting the document is allowed to receive the electronic document having confidential information. If not, then step 720 executes by indicating a problem occurred. A message may be sent to the user via her device. An error light may illuminate. In some embodiments, the requested electronic document is not sent to the device sending the request based on the document code.

If step 718 is yes, then step 722 executes by retrieving the electronic document. If the document has redacted information, then the disclosed embodiments make sure that the information is still redacted before further operations. Step 724 executes by forwarding the electronic document including any redacted information to the device receiving the document code or authentication code to request the document.

Steps 726-730 execute with the user or device making further redactions on the retrieved document, using the features disclosed above. The user may manually redact information from the electronic document. Thus, step 726 executes by redacting further confidential information from the document. Step 728 executes by generating a new electronic document with the redacted information. Step 728 may follow the embodiments disclosed above. Step 730 executes by storing the new electronic document on a device within system 100.

Flowchart 700 may be executed for any status for the document. Thus, a second document code may be used to access and retrieve a second electronic document based on a first electronic document. The second electronic document includes redacted confidential information such that the information is not viewable or printable. The second electronic document will receive a different document code or authentication code that is used to access it within system 100.

As will be appreciated by one skilled in the art, the present invention may be embodied as a system, method or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.” Furthermore, the present invention may take the form of a computer program product embodied in any tangible medium of expression having computer-usable program code embodied in the medium.

Any combination of one or more computer usable or computer readable medium(s) may be utilized. The computer-usable or computer-readable medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a transmission media such as those supporting the Internet or an intranet, or a magnetic storage device. Note that the computer-usable or computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.

Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.

The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the singular forms “a,” “an” and “the” are intended to include plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.

Embodiments may be implemented as a computer process, a computing system or as an article of manufacture such as a computer program product of computer readable media. The computer program product may be a computer storage medium readable by a computer system and encoding computer program instructions for executing a computer process. When accessed, the instructions cause a processor to enable other components to perform the functions disclosed above.

The corresponding structures, material, acts, and equivalents of all means or steps plus function elements in the claims below are intended to include any structure, material or act for performing the function in combination with other claimed elements as specifically claimed. The description of the present invention has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill without departing from the scope and spirit of the invention. The embodiment was chosen and described in order to best explain the principles of the invention and the practical application, and to enable others of ordinary skill in the art to understand the invention for embodiments with various modifications as are suited to the particular use contemplated.

One or more portions of the disclosed networks or systems may be distributed across one or more computer systems coupled to a network capable of exchanging information and data. These computer systems also may be general-purpose computer systems. Various functions and components of the computer system may be distributed across multiple client computer platforms, or configured to perform tasks as part of a distributed system. These components may be executable, intermediate or interpreted code that communicates over the network using a protocol. The components may have specified addresses or other designators to identify the components within the network.

It will be apparent to those skilled in the art that various modifications to the disclosed embodiments may be made without departing from the spirit or scope of the invention. Thus, it is intended that the present invention covers the modifications and variations disclosed above provided that these changes come within the scope of the claims and their equivalents.

The invention claimed is:
 1. A system comprising; a plurality of devices comprising a first device having a first security status and a second device having a second security status; a scanner comprising a processor in communication with the plurality of devices; and a memory coupled to and readable by the processor, the memory storing a set of program instructions which, when executed by the processor, configures the processor to scan a document to generate a first electronic document; perform an optical character recognition process on the first electronic document to obtain an optically-recognized representation of the first electronic document; determine at least one character block presented on the optically-recognized representation of the first electronic document, the at least one character block including at least one alphanumeric character; compare the at least one character block with at least one format of confidential information; identify at least one confidential category of the at least one character block based on the comparison; retrieve at least one alternative object associated with a confidential category from a confidential document managing repository; and generate a second electronic document by electronically layering the at least one alternative object on the respective at least one character block.
 2. The system of devices of claim 1, wherein the processor is configured further to store the first electronic document at the first device and the second electronic document at the second device.
 3. The system of devices of claim 2, wherein the processor is configured further to associate the first electronic document with the first security status and the second electronic document with the second security status.
 4. The system of devices of claim 1, wherein the processor is configured further to generate a first document code for the first electronic document and a second document code for the second electronic document, and provide the first document code to a device having the first security status and the second document code to a device having the second security status.
 5. The system of device of claim 4, wherein the first device is configured to display or print the first electronic document upon receipt of the first document code, and the second device is configured to display or print the second electronic document upon receipt of the second document code.
 6. The system of devices of claim 1, wherein the second device is configured to receive a first document code corresponding to the first electronic document; send the first document code received at the second device to the first device; and receive the first electronic document from the first device.
 7. The system of devices of claim 6, wherein the first device is configured to verify the first document code received from the second device corresponds to the first electronic document by comparing the first document code to a code stored at the first device.
 8. The system of devices of claim 1, wherein the processor is configured to determine whether a third device having the first security status is closer to the scanner than the first device and to store the first electronic document at the third device.
 9. A method for generating documents having confidential information for use in a system, the method comprising: scanning a document to generate a first electronic document; performing an optical character recognition process on the first electronic document to obtain an optically-recognized representation of the first electronic document; determining at least one character block presented on the optically-recognized representation of the first electronic document, the at least one character block including at least one alphanumeric character; comparing the at least one character block with at least one format of confidential information; identifying at least one confidential category of the at least one character block based on the comparison; retrieving at least one alternative object associated with a confidential category from a confidential document managing repository; and generating a second electronic document by electronically layering the at least one alternative object on the respective at least one character block.
 10. The method of claim 9, further comprising storing the first electronic document at a first device and the second electronic document at a second device.
 11. The method of claim 10, further comprising associating the first electronic document with the first security status and the second electronic document with the second security status.
 12. The method of claim 9, further comprising generating a first document code for the first electronic document and a second document code for the second electronic document, and providing the first document code to a device having the first security status and the second document code to a device having the second security status.
 13. The method of claim 12, further comprising displaying or printing the first electronic document upon receipt of the first document code at the first device and displaying or printing the second electronic document upon receipt of the second document code at the second device.
 14. The method of claim 9, further comprising receiving a first document code corresponding to the first electronic document; sending the first document code received at a second device to a first device; and receiving the first electronic document from the first device.
 15. The method of claim 14, further comprising verifying the first document code received from the second device corresponds to the first electronic document by comparing the first document code to a code stored at the first device.
 16. The method of claim 9, further comprising determining whether a third device having the first security status is closer to the scanner than the first device and to store the first electronic document at the third device.
 17. A device comprising: a processor to execute instructions; a memory coupled to and readable by the processor, the memory storing a set of program instructions which, when executed by the processor, configures the device to scan a document to generate a first electronic document; perform an optical character recognition process on the first electronic document to obtain an optically-recognized representation of the first electronic document; determine at least one character block presented on the optically-recognized representation of the first electronic document, the at least one character block including at least one alphanumeric character; compare the at least one character block with at least one format of confidential information; identify at least one confidential category of the at least one character block based on the comparison; retrieve at least one alternative object associated with a confidential category from a confidential document managing repository; and generate a second electronic document by electronically layering the at least one alternative object on the respective at least one character block.
 18. The device of claim 17, wherein the set of instructions, when executed on the processor, configures the device to store the first electronic document at a first storage location and the second electronic document at a second storage location.
 19. The device of claim 17, wherein the set of instructions, when executed on the processor, configures the device to associate the first electronic document with the first security status and the second electronic document with the second security status.
 20. The device of claim 17, wherein the set of instructions, when executed on the processor, configures the device to determine a first storage location having a first security status closest to the device and storing the first electronic document at the first storage location and to determine a second storage location having a second security status further from the device than the first storage location and storing the second electronic document at the second storage location.